secrets.go
package store
import (
"strings"
"github.com/docker/swarmkit/api"
memdb "github.com/hashicorp/go-memdb"
)
// tableSecret is the name of the memdb table that holds secret objects.
const tableSecret = "secret"
// init registers the secret table with the store: its memdb schema plus the
// hooks that snapshot, restore and replay store actions for secrets.
func init() {
	// Secrets are indexed by ID and by name (both unique) and by a custom
	// index that an object is allowed to have no value for.
	secretSchema := &memdb.TableSchema{
		Name: tableSecret,
		Indexes: map[string]*memdb.IndexSchema{
			indexID: {
				Name:    indexID,
				Unique:  true,
				Indexer: api.SecretIndexerByID{},
			},
			indexName: {
				Name:    indexName,
				Unique:  true,
				Indexer: api.SecretIndexerByName{},
			},
			indexCustom: {
				Name:         indexCustom,
				Indexer:      api.SecretCustomIndexer{},
				AllowMissing: true,
			},
		},
	}

	// saveSecrets copies every secret visible to tx into the snapshot.
	// NOTE(review): the snapshot receives the full *api.Secret objects; if
	// those carry the secret payload, whatever persists the snapshot has to
	// protect it. That layer is not visible in this file, so confirm it.
	saveSecrets := func(tx ReadTx, snapshot *api.StoreSnapshot) error {
		var err error
		snapshot.Secrets, err = FindSecrets(tx, All)
		return err
	}

	// restoreSecrets makes the table match the snapshot: every secret
	// currently stored is deleted, then every snapshot secret is created.
	// NOTE(review): an early return leaves the table partly rewritten unless
	// the caller discards tx on error; presumably it does, but confirm.
	restoreSecrets := func(tx Tx, snapshot *api.StoreSnapshot) error {
		current, err := FindSecrets(tx, All)
		if err != nil {
			return err
		}
		for _, old := range current {
			if err := DeleteSecret(tx, old.ID); err != nil {
				return err
			}
		}
		for _, restored := range snapshot.Secrets {
			if err := CreateSecret(tx, restored); err != nil {
				return err
			}
		}
		return nil
	}

	// applySecretAction replays one store action against the secret table.
	// Any target that is not a secret, and any action kind other than
	// create/update/remove, is rejected with errUnknownStoreAction.
	applySecretAction := func(tx Tx, sa api.StoreAction) error {
		target, isSecret := sa.Target.(*api.StoreAction_Secret)
		if !isSecret {
			return errUnknownStoreAction
		}
		switch sa.Action {
		case api.StoreActionKindCreate:
			return CreateSecret(tx, target.Secret)
		case api.StoreActionKindUpdate:
			return UpdateSecret(tx, target.Secret)
		case api.StoreActionKindRemove:
			return DeleteSecret(tx, target.Secret.ID)
		}
		return errUnknownStoreAction
	}

	register(ObjectStoreConfig{
		Table:            secretSchema,
		Save:             saveSecrets,
		Restore:          restoreSecrets,
		ApplyStoreAction: applySecretAction,
	})
}
// CreateSecret adds a new secret to the store.
// Returns ErrNameConflict if another secret is already found under the same
// lower-cased name, and ErrExist if the ID is already taken.
//
// The name is lower-cased with strings.ToLower before the lookup. That folds
// case only and applies no Unicode normalization, so names that render
// identically but differ in code points are treated as distinct.
func CreateSecret(tx Tx, s *api.Secret) error {
	// Reject the create when the name index already holds this name.
	nameKey := strings.ToLower(s.Spec.Annotations.Name)
	if holder := tx.lookup(tableSecret, indexName, nameKey); holder != nil {
		return ErrNameConflict
	}

	return tx.create(tableSecret, s)
}
// UpdateSecret updates an existing secret in the store.
// Returns ErrNameConflict if the lower-cased name is held by a secret with a
// different ID, and ErrNotExist if the secret doesn't exist.
func UpdateSecret(tx Tx, s *api.Secret) error {
	// The name may stay with its current owner; it only conflicts when the
	// index entry belongs to some other secret.
	nameKey := strings.ToLower(s.Spec.Annotations.Name)
	holder := tx.lookup(tableSecret, indexName, nameKey)
	if holder != nil && holder.GetID() != s.ID {
		return ErrNameConflict
	}

	return tx.update(tableSecret, s)
}
// DeleteSecret removes the secret with the given ID from the store.
// Returns ErrNotExist if the secret doesn't exist.
func DeleteSecret(tx Tx, id string) error {
	// The result of the table delete is passed through unchanged.
	err := tx.delete(tableSecret, id)
	return err
}
// GetSecret looks up a secret by ID.
// Returns nil if the secret doesn't exist.
func GetSecret(tx ReadTx, id string) *api.Secret {
	if obj := tx.get(tableSecret, id); obj != nil {
		// Unchecked assertion: panics if the table yields anything other
		// than *api.Secret.
		return obj.(*api.Secret)
	}
	return nil
}
// FindSecrets selects a set of secrets and returns them.
//
// The selector check passed to tx.find accepts name, name-prefix, ID-prefix,
// custom and custom-prefix selectors, and returns ErrInvalidFindBy for any
// other kind. The returned slice is never nil: it is empty when nothing was
// collected, and it is returned together with whatever error tx.find reports.
//
// NOTE(review): the snapshot hooks in this file call FindSecrets(tx, All),
// and All is not in the accepted list; presumably tx.find handles it before
// consulting the check. Confirm against tx.find.
func FindSecrets(tx ReadTx, by By) ([]*api.Secret, error) {
	found := []*api.Secret{}

	err := tx.find(tableSecret, by,
		// Selector validation.
		func(sel By) error {
			switch sel.(type) {
			case byName, byNamePrefix, byIDPrefix, byCustom, byCustomPrefix:
				return nil
			default:
				return ErrInvalidFindBy
			}
		},
		// Result collection: each object is appended as a *api.Secret.
		func(obj api.StoreObject) {
			found = append(found, obj.(*api.Secret))
		},
	)

	return found, err
}